Security

Schneier: The Internet of Things Will Turn Large-Scale Hacks into Real World Disasters

posted on July 25, 2016
by l33tdawg

Disaster stories involving the Internet of Things are all the rage. They feature cars (both driven and driverless), the power grid, dams, and tunnel ventilation systems. A particularly vivid and realistic one, near-future fiction published last month in New York Magazine, described a cyberattack on New York that involved hacking of cars, the water system, hospitals, elevators, and the power grid. In these stories, thousands of people die. Chaos ensues. While some of these scenarios overhype the mass destruction, the individual risks are all real.

Windows UAC Bypass Leaves Systems Open to Malicious DLLs

posted on July 25, 2016
by l33tdawg

Researchers have crafted a stealthy new way of bypassing Windows User Account Controls (UAC) that opens the door to attacks on targeted systems. According to researchers, the bypass technique can fly under the radar of security solutions that monitor for this type of circumvention.

Hackers create Safe Skies TSA master key from scratch, release designs

posted on July 24, 2016
by l33tdawg

On Saturday evening, during the Eleventh HOPE conference in New York City, three hackers released the final master key used by the Transportation Security Administration (TSA), which opens Safe Skies luggage locks.

The talk was given by DarkSim905, a lock enthusiast who heads the New Jersey chapter of TOOOL (The Open Organization of Lockpickers); Nite 0wl, a member of TOOOL from New York City; and Johnny Xmas, of RedLegg International's TradeCraft Labs.

Is Computer Security Becoming a Hardware Problem?

posted on July 24, 2016
by l33tdawg

In December of 1967 the Silver Bridge collapsed into the Ohio River, killing 46 people. The cause was determined to be a single 2.5 millimeter defect in a single steel bar—some credit the Mothman for the disaster, but to most it was an avoidable engineering failure and a rebuttal to the design philosophy of substituting high-strength non-redundant building materials for lower-strength albeit layered and redundant materials. A partial failure is much better than a complete failure.

Researchers Put Together PHP Zero-Day in Order to Hack PornHub

posted on July 24, 2016
by l33tdawg

A team of three researchers went so far as to search for and discover a PHP zero-day so they could hack PornHub as part of its official bug bounty program.

The path the three took to hack PornHub is something not usually seen in regular security research. Because PornHub servers were somewhat secure from common attack vectors, the researchers were forced to get creative with their attack routine.

German shooter hacked Facebook account to lure victims, bought gun on dark net

posted on July 24, 2016
by l33tdawg

The media is delving into the digital life of the teenage shooter who opened fire at McDonald’s in Munich, Germany’s Olympia Mall. Nine people were killed and 27 others were injured in the tragic rampage. In the end, he killed himself. So far, it’s been reported that he hacked Facebook to lure victims, bought a gun on the ‘dark net’ and played the ‘violent’ video game Counter-Strike.

Uber Flaw Discovery Shows Why Bug Bounty Programs Are Important

posted on July 24, 2016
by l33tdawg

Love it or hate it, Uber has helped transform many people's lives and the way they travel in urban areas. At its core, Uber is not a taxi company; it's a technology service, and one of its primary assets is user information.

Uber recently closed a high-impact flaw in its platform that could potentially have put user information at risk.

Snowden designs device to warn when an iPhone is ratting out users

posted on July 22, 2016
by l33tdawg

Mobile devices have without a doubt brought convenience to the masses, but that benefit comes at a high price for journalists, activists, and human rights workers who work in war-torn regions or other high-risk environments. Now, NSA whistleblower Edward Snowden has designed an iPhone accessory that could one day be used to prevent the devices from leaking their whereabouts.